This is my first time asking a question, so try not to be too hard on me.
I am competing in a small capture the flag event and am writing some simple batch scripts to help out a bit.
The purpose of the program is to check whether output from netstat -nao is in the dontkill variable. If it is, then don't kill it; if it is not, then look for the process id and kill the connection. dontkill will contain my IP address so that it doesn't kill my remote connection to the computer.
Seems pretty simple, but I have had major trouble because I don't know how to write in batch very well.
Here is my code so far:
for /L %%i in (1,0,) do @for /f "tokens=5" %%j in ('netstat -nao ^| findstr ^"ESTABLISHED^"' ) do @taskkill /f /PID %%j
This goes through and looks for any ESTABLISHED connections and kills them in an infinite loop. I have tried many different variations of this command, and I recognize that I need some sort of if/else statement in the second do to check if dontkill is the same as what is stored in the variable %%a in the loop:
for /f "tokens=3" %%a in ('netstat -nao ^| findstr "ESTABLISHED"')
I know this would probably be easier in some other scripting language, but it has to be batch because the computers I will be using it on will be fresh installs of Windows XP, Server 2003, Server 2008 and Windows 7.
OK, with the for loop directly above, the variable a is carrying output like this: "192.168.1.230:1003", so it has the IP address and also the port, separated by a colon. I need to be able to compare it to the variable dontkill, which only has the IP address. Is there any way to get rid of the :1003 so that I can compare it to the variable dontkill?
I have been messing around with things such as
SET line="192.168.1.241:10256"
SET string3=%line::[0-9]*=%
but it doesn't work.
So to be clear I'm trying to go from "192.168.1.241:10256" to "192.168.1.241" so that I can compare the final result to dontkill and decide what to do.
Thanks for the help in advance.
Pseudocode:

DONTKILL = "192.168.1.241"
FOR (each process filtered by FINDSTR; look at columns 3 and 5)
    VAR A is the column 3 info, which is some IP address with port, e.g. "192.168.1.241:1003"
    VAR B is the column 5 info, which is the PID, e.g. "1524"
    IF (DONTKILL == A)
        don't kill that process
    ELSE
        kill that process using TASKKILL /F /PID B
I got the inspiration for this method from http://blog.commandlinekungfu.com/2010/01/episode-76-say-hello-to-my-little.html
Like this:
@echo off&cls
setlocal EnableDelayedExpansion
set "DONTKILL=127.0.0.1"
rem netstat -nao columns: Proto  Local Address  Foreign Address  State  PID
rem with tokens=1-5: %%a=Proto %%b=Local %%c=Foreign %%d=State %%e=PID
for /f "tokens=1-5 delims= " %%a in ('netstat -nao ^| find /i "ESTABLISHED"') do (
    echo [%%a] [%%b] [%%c] [%%d] [%%e]
    call :GetIP %%c
    rem quote both sides so an empty $IP does not turn the if into a syntax error
    if "!$IP!"=="%DONTKILL%" (
        echo IP !$IP! IS EQUAL TO DONTKILL [%DONTKILL%]
        echo.
    ) else (
        echo IP !$IP! IS NOT EQUAL TO DONTKILL [%DONTKILL%]
        echo.
    )
)
exit /b

:GetIP
rem split "address:port" on the first colon and keep the address part
for /f "tokens=1 delims=:" %%a in ("%~1") do set "$IP=%%a"
goto :eof
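Putting the two halves together (the question's kill loop and the answer's port-stripping), here is a complete script as an added example; it is not code from the question or the answer above. It strips the port from the foreign address with a second for /f (batch substitution has no regex, which is why the %line::[0-9]*=% attempt cannot work), compares the result to DONTKILL, and kills the owning process of every other ESTABLISHED connection. The DONTKILL value, the DRYRUN switch, the IPv6 bracket handling and the PID 0 / PID 4 skips are my assumptions, not something the page states.

```batch
@echo off
setlocal EnableDelayedExpansion

rem Assumed values (not from the original post): the address of the machine you
rem are working from, and a dry-run switch. DRYRUN=1 only prints; 0 really kills.
set "DONTKILL=192.168.1.241"
set "DRYRUN=1"

rem netstat -nao prints, for an established TCP connection:
rem   Proto  Local Address  Foreign Address  State  PID
rem so with tokens=1-5: %%a=Proto %%b=Local %%c=Foreign %%d=State %%e=PID.
rem The remote machine appears in the Foreign column, which is what we compare.
for /f "tokens=1-5" %%a in ('netstat -nao ^| findstr "ESTABLISHED"') do (
    set "ADDR=%%c"

    rem Batch substitution has no regex, so the port is removed by splitting on
    rem ':' with a second for /f. IPv6 peers print as [addr]:port, so for those
    rem take what sits between the brackets instead (assumed handling).
    if "!ADDR:~0,1!"=="[" (
        for /f "tokens=1 delims=]" %%f in ("!ADDR:~1!") do set "RIP=%%f"
    ) else (
        for /f "tokens=1 delims=:" %%f in ("!ADDR!") do set "RIP=%%f"
    )

    if "!RIP!"=="%DONTKILL%" (
        echo keep  PID %%e  remote !RIP!  matches DONTKILL
    ) else if "%%e"=="0" (
        echo skip  PID %%e  remote !RIP!  netstat reported no owning process
    ) else if "%%e"=="4" (
        echo skip  PID %%e  remote !RIP!  System process, cannot be killed
    ) else (
        echo kill  PID %%e  remote !RIP!  local %%b
        if "%DRYRUN%"=="0" taskkill /f /PID %%e
    )
)
endlocal
```

Run it from an elevated prompt, since taskkill /f on processes owned by other users needs administrator rights. Leave DRYRUN=1 for a first pass and read the kill lines before switching it to 0: taskkill ends the whole process, not just one connection, so if your own session and an attacker's connection are served by the same process (both connected to the same svchost-hosted service, for example), killing it for their connection drops yours as well, even though the DONTKILL check passed for your line. To run it continuously, wrap the whole loop in the for /L idiom from the question, or call the script from a loop with a short pause between passes.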